How can I comply and stay compliant?

Christophe Ruppert, Cyber-Resilience Advisor, EBRC
By EBRC 22/06/2023

Between regulations, directives and circulars, complying and maintaining compliance is a real challenge for businesses. The first step is to understand the regulations and apply them within your business. But where do you start, and how do you manage, facilitate and maintain compliance? 

An interview with Christophe Ruppert, Cyber-Resilience Advisor at EBRC. 

How do you apply the many regulations and directives?

This is a real challenge for companies. They have to transpose the various regulatory obligations, whether international, national or even specific to their sector, their company and their own activities. But it does not stop there: companies are also being asked to develop a clear response with an implementation project and to be able to demonstrate compliance to the relevant authorities.

Fortunately, there are a number of methodological tools available to provide an effective response to this problem. In particular, ISO management systems and their best practices help develop common semantics for the company and its ecosystem. Two companies that are certified or that apply best practices speak the same language, which can reassure certain customers with respect to their suppliers, and vice versa. The aim is to share the right level of information with all stakeholders.

As part of its Consulting activity and to help you find your way around the topic, EBRC has mapped the regulations and the concrete actions to be implemented. Take DORA - the Digital Operational Resilience Act, for example, which will apply to all financial institutions in Europe by 2025. We offer our customers maturity studies for compliance, as well as remediation plans and concrete action plans. 

Has maintaining compliance every year become an impossible challenge? 

Not at all! But it is essential to implement real processes and set achievable targets. The management of regulatory compliance is based on maintaining the operational conditions of the systems that have been implemented. 

I could mention, for example, the problem of centralising the various resources and making them available to the different players in order to manage any event or incident that could lead to a crisis, whatever its nature. Cyber-security and cyber-resilience are the pillars of this common understanding. 

To prepare for this, EBRC helps you to implement your compliance using a proven methodology, to train with certification courses, to design and run your crisis management exercises, and to model and operationalise them with the Cyber-Resilience Portal tools associated with our partner Everbridge. 

This means that your cyber-security and cyber-resilience systems are ready to be deployed when the time comes.